CN102637152A - Device with processing unit and information storage - Google Patents

Device with processing unit and information storage Download PDF

Info

Publication number
CN102637152A
CN102637152A CN2012100271447A CN201210027144A CN102637152A CN 102637152 A CN102637152 A CN 102637152A CN 2012100271447 A CN2012100271447 A CN 2012100271447A CN 201210027144 A CN201210027144 A CN 201210027144A CN 102637152 A CN102637152 A CN 102637152A
Authority
CN
China
Prior art keywords
memory storage
module
information
information memory
processing unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2012100271447A
Other languages
Chinese (zh)
Other versions
CN102637152B (en
Inventor
K.赫茨
J.斯亚森
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Infineon Technologies AG
Original Assignee
Infineon Technologies AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Infineon Technologies AG filed Critical Infineon Technologies AG
Publication of CN102637152A publication Critical patent/CN102637152A/en
Application granted granted Critical
Publication of CN102637152B publication Critical patent/CN102637152B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1416Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
    • G06F12/1425Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block
    • G06F12/1433Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block for a module or a part of a module
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2212/00Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
    • G06F2212/10Providing a specific technical effect
    • G06F2212/1052Security improvement

Abstract

The present invention discloses a device with a processing unit and an information storage. An embodiment which relates to the processing unit and a first information storage is described. The device comprises the following components: a processing unit which executes data processing operation; a first information storage which can be accessed for reading and writing by the processing unit; a first unit which initiates data processing operation from the processing unit; and an access control which is configured for being able to be switched from a first access mode to a second access mode. In the first access mode, the first information storage can be accessed by the first unit; and in the second access mode, the first information storage can not be accessed by the first unit in the data processing operation period.

Description

Equipment with processing unit and information-storing device
Technical field
The present invention relates to data processing, the particularly protection of the visit in the data processing.
Background technology
Data processing is embodied in almost each part of life now, and wherein increasing enforcement is still the trend that increases day by day.For example, in data communication, Secure Application or automotive applications, data processing is provided so that safe transmission, authentication and checking or the function reliable (safe) and the secure mobility such as data is provided.Usually the semiconductor equipment (for example microcontroller) that has programming controller unit (CPU that for example has one or more nuclears) is programmed so that realize these functions.In order to store data and program, the data-carrier store and the program storage that are associated with CPU are provided.In addition, in some systems, another processor such as dedicated coprocessor can be provided to be used to handle specific task or function.
Summary of the invention
According to an aspect, a kind of method comprises the first information is provided to the first information memory storage (storage) to be used to carry out first operation of processing unit from first module.In first operating period of processing unit, at processing unit with transmit second information at least between the first information memory storage, wherein first information memory storage can not be visited for first module in first operating period of processing unit.
According on the other hand, a kind of restriction comprises the execution of request to subroutine or order to the method for the visit of information-storing device, and wherein this execution is asked by first module and this subroutine or order and carried out by processing unit.The information that is used to carry out subroutine or order offers first information memory storage by first module.After information is provided for first information memory storage, the restrict access of restriction first module to the visit of first information memory storage is provided.
According on the other hand, a kind of equipment comprises: processing unit, and it carries out data processing operation; First information memory storage, it can carry out read access and write-access by processing unit; And first module, it initiates the data processing operation from processing unit.Access control is provided; Said access control is configured to maybe can be configured to switch to second pattern from first access module; First information memory storage can be visited by first module in first access module, and first information memory storage can not be visited for first module during data processing operation in second pattern.
According on the other hand, a kind of equipment comprises the op-code storage device and is used to be stored in the data storage device of the data of transmitting between first module and the data processing unit.Data processing unit is configured to carry out data processing operation based on the operational code that in the op-code storage device, is write by first module.Controller is provided that the protected data memory storage avoids writing and reading of first module when carrying out data processing operation at data processing unit, and when data processing operation is done, enables writing and reading of first module at least.
According on the other hand, a kind of information storing device comprises op-code storage device and data storage device, and wherein data storage device comprises a plurality of subelement memory storages.Controller be provided be stored in the op-code storage device in the data processing operation that is associated of operational code before in a plurality of subelement memory storages each be configured in operational code the term of execution the read/write protection.
Description of drawings
Figure 1A and 1B illustrate the block diagram according to example embodiment;
Fig. 2 illustrates the process flow diagram according to an example embodiment;
Fig. 3 illustrates the process flow diagram according to an example embodiment;
Fig. 4 A to 4D illustrates the instance according to an embodiment;
Fig. 5 illustrates the block diagram according to an example embodiment; And
Fig. 6 illustrates the block diagram according to an example embodiment.
Embodiment
Following detailed is explained exemplary embodiment of the present invention.This description is not taken on the restrictive meaning to be understood, but only makes from the purpose of the General Principle that embodiments of the invention are described, the scope of protection is only confirmed by appended claims simultaneously.
In illustrated in the accompanying drawings and the exemplary embodiment that describes below, any direct connection between functional block illustrated in the accompanying drawings or described here, equipment, parts or other physics or the functional unit or coupling also can be implemented by indirect connection or coupling.Functional block can make up with hardware, firmware, software or its and implement.
In addition, should be appreciated that the characteristic of various exemplary embodiments described here can mutual combination, only if explanation is ad hoc arranged in addition.
In various figure, identical or similar entity, module, equipment or the like can be assigned with identical Reference numeral.
With reference now to Figure 1A,, equipment 100 is shown as and comprises: first module 102; Data processing unit 104 is used for carrying out by first module 102 requested operation; And first information memory storage 106a, it is as the part of information stores assembly 106.This equipment can be for example microcontroller, comprise the circuit board (board) of microcontroller, implement the parts or the like of one or more semiconductor equipments therein.
In certain embodiments, first module 102 can be for example programme controlled unit.So first module 102 for example can comprise CPU nuclear.In some other embodiment, first module 102 can be a peripherals.Equipment 100 can comprise CC (circuitry) (for example bus), and it is used to allow as the first module 102 of separate units and the communication between the processing unit 104.Interface that in addition, can be provided for communicating by letter or the interface that is used to communicate by letter can be associated with first module 102, processing unit 104 and first information memory storage 106a.As an instance, can in first module 102, be provided for transmitting the interface of operational code or data.
Processing unit 104 can be assigned to first module 102 to be used to carry out the data processing of being initiated by first module 102.For example; Application program of moving on the host CPU nuclear in being included in first module (application) or the logic that is included in the peripherals can be initiated operational code (for example order or subroutine) through the transmission of bus to the op-code storage device that is associated with processing unit 104, so that to processing unit 104 solicit operations.
Therefore, in certain embodiments, information-storing device 106 can comprise the op-code storage device, makes first module 102 that operational code is written to the op-code storage device to initiate operation.The instance of operational code comprises the operational code that is used to carry out subroutine, subroutine sequence or order or the like.In example embodiment shown in Figure 1B, wherein op-code storage device 106b is provided as the part of the information-storing device 106 of equipment 100.
As will being described after a while, in example embodiment, the op-code storage device can dispose, and makes the op-code storage device can be configured to protected during operation and avoids the write operation sign indicating number.
The operation of being carried out by processing unit 104 can comprise the execution that exclusive data is handled in certain embodiments.In certain embodiments, the operation of being carried out by processing unit 104 comprises the various operations that are associated with the operational code set.Operational code set can comprise the operational code (for example subroutine execution word) of the operational code (for example command word) that is used for order or subroutine or be used for the operational code of subroutine sequence.
First information memory storage 106a can comprise the digital information storage of any kind, for example impact damper, register, RAM storer or the like.In instance, first information memory storage 106a for example can comprise the memory storage (for example based on transistorized memory storage) of volatibility type, for example register or impact damper.Information stores assembly 106 can comprise other information-storing devices in certain embodiments, and it can belong to identical or different types with first information memory storage 106a.
In certain embodiments, the additional memory devices such as nonvolatile memory may be provided in the equipment 100, and the ROM that for example is used to start perhaps is used for the flash memory of storing data information or program information.Nonvolatile memory devices can be according to the function needs by subregion or separately, for example flash memory can be divided into data flash memory, program flash memory and key flash memory.In the additional nonvolatile memory some can also be access restricted; For example make that only processing unit 104 is allowed to read/write on the key flash memory, because the key that is stored in the flash memory is counted as the security information that only can be used for processing unit 104.
First module 102 for example is coupled to first information memory storage 106a via bus, and processing unit 104 also is coupled to first information memory storage 106a and reads and writing information being used to.In certain embodiments, processing unit 104 is embodied in the module, and first information memory storage 106a also is the part of this module.Module or processing unit 104 can have main equipment (master) and slave unit (slave) function in certain embodiments, make the function of slave unit of function and bus of main equipment of bus to be provided.
In example embodiment, processing unit 104 can be that the secure data that is used for first module 102 is handled expansion, for example the engine or the password state machine of password program control.Processing unit 104 for example can be carried out the relevant operation of safety to be used to the carrying out relevant data processing of safety, and it can comprise coding or decoding, code verification, authentication and other processing.The sample list of safe operation comprises AES standard 128 bit cipher functions, and for example ECB encryption, ECB deciphering, CBC encrypt, CBC deciphers, CMAC generates, CMAC verifies or the like.
The relevant operational example of safety is implemented or authentication or authorize new projects, unit, component groups or the like when integrated or when replacing off-the-shelf item new as being used in the equipment 100 being used for.In addition, the relevant operational example of safety is decoded to software code as being used in the equipment 100 being used for, so that be provided for software security or other codings or the decoding function of equipment 100.And the relevant operational example of safety be as can being used in the equipment 100, to be used for providing through software vacation or that damage that detection offers CPU the clean boot of equipment.Yet, should be noted that above-mentioned only is some instances in many uses of the relevant operation of safety.
In certain embodiments, the operational code set that particular safety is relevant can be provided to be used to initiate the relevant operation of safety of respective type.So processing unit can be configured to decode subroutine relevant with at least one safety that is provided for first module or the execution of relevant order safely.
In certain embodiments, processing unit 104 can be hardware based basically processing unit (a for example state machine), and it provides hardware based data processing.For example, in one embodiment, processing unit 104 can provide the secure hardware expansion of the relevant operation of above-mentioned safety.Although the dirigibility of hardware based data processing possibility restriction system, yet in view of being not easy to receive the manipulation from the hostile user, it has increased the security of data processing.
In other embodiments, processing unit 104 can be the processing unit of the relevant type of CPU or CPU.
In information-storing device 106a, transmit with the instance of canned data comprise the data relevant, the input parameter of the operation input parameter of subroutine (for example order or) with operation types, perhaps be associated with respect to the execution of data processing operation or by other parameters of processing unit 104 needs.In addition, in certain embodiments, first information memory storage 106a also stores the output information of the operation of being carried out by processing unit 104, and it will be exported after carrying out.Output information for example can be passed to the first module 102 of having asked operation.Such output information comprises the output parameter of subroutine or order, its for example be result, result middle or part or with any other relevant output parameter of operation of carrying out by processing unit 104.In certain embodiments, first information memory storage can be a data storage device of for example storing the input and output data message.
In example embodiment, control first information memory storage 106a with the mode of the known use that is different from information-storing device about read/write visit.Usually can visit with processing unit 104 by first module 102 and be arranged to provisionally for first module 104, can not visit with the first information memory storage 106a that is used to read with writing information.In more detail, first information memory storage 106a operating period of being provided in processing unit 104 no longer can visit for first module 102.Yet first information memory storage 106a is still for the processing unit of executable operations and can visits fully.
In other words; First information memory storage 106a has the specific access protection; Its protection first information memory storage 106a avoids first module 102 (and any other external unit; If provide) write or read access, yet simultaneously during operation first information memory storage 106a can visit fully by processing unit 104.For example; Processing unit 104 can read the information that is stored among the first information memory storage 106a during operation, and processing unit 104 can be written to information (for example middle or Inside Parameter Value, result or other information) the untapped position of first information memory storage 106a or can utilize fresh information to rewrite the information among the first information memory storage 106a that is stored in during operation.In example embodiment, above-mentioned visit protection can be that hardware is implemented, and prevents that promptly the logic of visiting from can be the logic that complete hardware is implemented.This can provide security in addition, because potential assailant can not make modification to security mechanism.
First information memory storage 106a above-mentioned is provided with the permission safe operation in first access module and in second access module; Make that the data processing of being carried out by processing unit 104 can be provided independently; Wherein information-storing device 106a can be visited by first module 102 and processing unit 104 or other external units fully in first access module; First information memory storage 106a only can carry out limited accass by the processing unit visit and by first module 102 (with any other unit, if provide) in second access module.And first information memory storage 106a can be used to store internal information during operation by processing unit 104, for example the intermediate data result the term of execution of data or the like, pointer value or the like.This information can be safety-critical, and can be protected in order to avoid read any outside during operation by above-mentioned visit protection control.In first information memory storage 106a, write, no longer be that essential information can or can utilize other information to rewrite by processing unit 104 by deletion.
Although possibly be used to implement the adjunct circuit of the control of above-mentioned protection; But, in the safety of being undertaken relevant operating period safety and data processing independently are provided still simultaneously by processing unit 104 in view of using and can realize reducing of storage space in the inside of first information memory storage during operation.
Should note; In example embodiment; First module 102 asks to be processed the operation that unit 104 is carried out through operational code being passed to the op-code storage device and information being passed to first information memory storage 106a; But as long as carried out and should be operated by processing unit 104, first module 102 just automatically loses any visit or the control of first information memory storage 106a at least after beginning this operation basically.This allows using very efficiently of storage space; Because when preventing that still the assailant from extracting any information relevant with the internal data processing that is provided by processing unit 104; The storage space of first information memory storage 106a can be used to various tasks, is for example write input parameter, is read output parameter and during operation by processing unit 104 canned datas by first module 102 by first module 102.
In certain embodiments, first information memory storage 106a is provided by interface or is provided as the part of the interface between first module 102 and the processing unit 104.Such interface can be a user interface.In certain embodiments, except first information memory storage, this interface can also have op-code storage device and/or status bits memory storage.First module 102 for example can be asked the operation carried out by processing unit 104 through information being sent to information-storing device 106, and will be such as input parameter or the like offer first information memory storage 106a with the relevant information of operation.Such interface with above-mentioned visit protection can be counted as the safe interface between processing unit 104 and the first module 102 then, because it is in the term of execution protection and the independent operation of processing unit 104 is provided of operation.
The visit protection can provide to be similar to hardware mode in certain embodiments.In certain embodiments, first information memory storage 106a can be through electrically being decoupled to transistorized control, by the visit protection time, writes or read preventing.In certain embodiments, logical circuit can be implemented, and when when the visit guard period is attempted reading by first module, this logical circuit provides predetermined bit sequences (for example having complete zero bit sequence) to turn back to first module 102.
In example embodiment, the outside that is controlled at first module 102 of visit protection, for example the controller that is associated with first information memory storage 106a or with controller that processing unit 104 is associated in.
In certain embodiments, control by processing unit 104 for the visit protection of first information memory storage 106a.Therefore in addition, which physical storage device to be the control of the part of first information memory storage 106a about, and can also to provide by processing unit 104 control of the size of first information memory storage 106a.Fig. 6 illustrates wherein processing unit 104 controls to the block diagram of the instance of the visit protection of first information memory storage 106a, op-code storage device 106b and state information storing means 106c.First information memory storage 106a, op-code storage device 106b and status storage 106c are parts that is coupled to the user interface 108 of EBI 110.EBI 110 can be connected to bus 112 and information is delivered to first module 102 (not shown in Fig. 6) and conversely information is delivered to one of memory storage 106a, 106b or 106c from first module 102 via bus 112 from first information memory storage 106a, op-code storage device 106b or state information storing means 106c being used for.User interface 108 also is coupled to processing unit 104 to be used for being delivered to processing unit 104 at this canned data and conversely information being delivered to user interface 108 from processing unit 104.
Controller can be implemented based on the operational code that in the op-code storage device, is write by first module first information memory storage is switched to second operator scheme from first operator scheme in one embodiment.The data information memory device is configured to for first module, can read/write visit in first operator scheme, and is being configured in second operator scheme only for for the processing unit of operational code execution data processing, can read/write visiting.
Visit protection control as in above-mentioned example embodiment, summarizing can be used to provide safeguard protection flexibly, as will further summarizing hereinafter.For example, in one embodiment, first information memory storage can comprise a plurality of subelement memory storages, perhaps can be subdivided into a plurality of subelement memory storages.For example, in one embodiment, the subelement memory storage can be single register, makes first information memory storage 106a comprise a plurality of single registers.Yet, can other subelement memory storages be provided through information-storing device 106 being subdivided into a plurality of zones, part or section.So can being independent of each other subelement memory storage, each in a plurality of subelement memory storages protected by independent accessing.The visit protection can be changed during data processing.For example, when during data processing, accomplishing the execution of subroutine or order, the next subroutine in can handling for identical data or the execution of order change the type of protection.And; In the different sub memory cell each can have dissimilar protections, for example operation the term of execution with respect to the first kind (not reading and write-access) of the read/write of first module 102 protection, the term of execution allow second type that first module 102 reads and write, or only allow first module 102 to read but do not allow the 3rd type that writes or the like.In other words, can visit protection be set separately and independently, and can be used for reading, write or this two active protection is provided with the visit protection separately and independently for each subelement memory storage.
In one embodiment, beginning operation during the data processing by processing unit 104 before, can confirm that in the available information memory storage 106 which is included among the first information memory storage 106a of the visit protection with above-outlined.Through before the execution of operation, confirming first information memory storage 106a, the storage size of first information memory storage 106a can be changed during data processing.Also can during data processing, begin to be changed before the operation for first information memory storage or for the type that the visit of each subelement memory storage is protected.For example; When first information memory storage 106a comprises a plurality of register; Can be confirmed as the part of first information memory storage from first set of the register of a plurality of registers, and independent visit protection can be assigned to each register with above-mentioned visit protection.So really, fix among the embodiment and can depend on operation types.In one embodiment, can after confirming to be provided for the operational code of op-code storage device, provide this to confirm.In other words, can during data processing, be fit to the needs of current operation individually, for example during handling before the beginning specific operation about the size that writes and/or read information-storing device with specific protection.
In certain embodiments; Operating period at processing unit 104 can provide selective protection; It only allows write-access (or read access or this two) to a particular opcode or specific operation code character when every other operational code is kept write protection.In certain embodiments, in the op-code storage device, implement such selective protection.In other words, op-code storage is installed on by protection optionally in order to avoid write operation sign indicating number during operation.In an example embodiment, the particular opcode that allows to write in the operating period of processing unit 104 can be the operational code that is used for abort commands, and it causes the termination operated.This is limited in the possibility that operating period attacks, and only allows hang up and any other operational code is not provided during operation.
In addition, in certain embodiments, can be provided in the control that only allows the particular opcode quilt then to carry out after the execution of complete operation sign indicating number.For example, can allow only to come executable operations sign indicating number sequentially with specific order.This increases the added security for possible attack, and prevents to detect the information with respect to the data processing of processing unit 104.
In certain embodiments, except first information memory storage 106a, information-storing device 106 can also comprise the information-storing device that at least one is other, its can be in the operating period of processing unit 104 can read and/or can write.For example, information-storing device 106 can comprise state information storing means, and it may be provided in the operating period of processing unit 104 according to an embodiment and for first module 102, can read.
After the execution of operation, first information memory storage 106a can be made once more and for first module 102, can be visited.So allow first module 102 to read information, the information of the mistake that the output parameter of for example operating, the state of operation or indication occur during operation from first information memory storage 106a.In certain embodiments, first information memory storage 106a can be caught only after the sequence of operation (for example command sequence or subroutine sequence) is done, can visit.In certain embodiments, first information memory storage can be caught after the operation of accomplishing be can read but can not write, and only after the sequence of operation is done, can read/write visit.
In certain embodiments, can after complete operation, provide interruption to notify first module 102 or system about this completion.Providing in certain embodiments of interrupting can be depended on operational code.In certain embodiments, one or more dedicated bit can be provided in the op-code storage device, after the completion of the operation of indicating, whether interruption be provided by operational code with indication.
In certain embodiments, can after the termination of operation, interruption be provided.In certain embodiments, after the termination of operation, suppress to interrupt.In certain embodiments, the selectivity interrupt mechanism can be provided, whether its termination that allows to be configured in operation provides interruption afterwards.The selectivity interrupt scheme allows the additional dirigibility and the use of customization aspect the security of system.
First information memory storage 106a can be segmented on function according to the output information that offers first module 102.For example; First information memory storage 106a can comprise: be exclusively used in the state information storing means of the state (for example through one or more status bits) of output function, perhaps be exclusively used in the error message memory storage of the error message of the type of exporting wrong during operation appearance of indication and/or mistake.That kind of as above being summarized, for these information-storing devices, can also be separately the visit protection to be provided with mode independently.
In certain embodiments, the change of state (change of for example in state information storing means, being indicated by status bits) can cause labelling of interruption.In certain embodiments, the op-code storage device can comprise and be used to store indication after the completion of operation and/or whether will be to interrupting the dedicated storage means of a tagged information after the termination of operating.Such information can be the interruption enable bit that is stored in the op-code storage device in certain embodiments.In certain embodiments, interrupt enable bit can operation the term of execution be changed.This allows when operation is ended, to suppress to interrupt.For this reason, when the operational code of the termination that is used for operating was written into the op-code storage device, interrupting enable bit can be to forbid by deletion or from enabling to be changed.
As preceding text are already mentioned; Except first module 102; Equipment 100 can also comprise other unit in certain embodiments, and they can be connected to first information memory storage 106a to be used to ask and be provided for the input parameter information of the operation of treatment facility 104.In certain embodiments, therefore the first memory storage 106a is coupled to the bus with a plurality of unit (comprising first module 102) that are connected to it.Fig. 5 illustrates the instance of the equipment 100 with programme controlled processor 500 of having CPU nuclear 502 and peripherals 504.Processor 500 and peripherals 504 506 are connected to the information stores assembly 106 that comprises first information memory storage 106a and op-code storage device 106b via interconnecting in length and breadth.Information stores assembly 106 is the parts that also comprise the module 510 of processing unit 104.Information stores assembly 508 is provided, and it for example can comprise startup ROM, Data Flash, program flash memory and key flash memory.Processor 500 and peripherals 504 are via 506 being connected to second memory module 508 in length and breadth.Module 510 also is connected to memory module 508 to read or to write data from it.The some parts of memory module 508 (for example key flash memory) can only can be visited by processing unit 104 from safety reasons.
Flow process Figure 200 of the instantiation procedure that for example can in equipment 100, implement will be shown with respect to Fig. 2 now.Flow process Figure 200 starts from the first information is provided to from first module the first information memory storage to be used to carry out first operation of processing unit 202.
First information memory storage is configured to for first module, can not visit 204.Protection first information memory storage is in order to avoid read and in order to avoid by first module first information memory storage is write from first information memory storage by first module.In an embodiment; When after the operational code that is being used for executable operations is passed to the op-code storage device from first module, it being stored in the op-code storage device, automatically activating and making first information memory storage during operation is the setting that can not visit for first module.In other words, when op-code storage was stored in the op-code storage device, first information memory storage was automatically locked to be used for the visit protection of first module.It is can automatically becoming locked in the above-mentioned visit protection and realize through being based on writing of operational code in the op-code storage device of can not visiting that first information memory storage is arranged to for first module 102.In certain embodiments, automatically locking can be that hardware is implemented.For example, the logic that hardware is implemented can confirm to be written to the code word in the op-code storage device, and can depend on this and confirm to lock first information memory storage.In certain embodiments, if first module 102 is attempted or attempted between lockup period, to read from first information memory storage, then predefined bit mode (information that for example only comprises the bit of 0 value) can be returned first module 102.In certain embodiments, if first module 102 is attempted or attempted writing information in lock-out state, then can under the situation of return messages not, ignore this and write.In certain embodiments, the information such as message can be returned first module 102.
206, first operating period of processing unit at processing unit with transmit second information at least between the first information memory storage.Second information can be written in the first information memory storage by processing unit because the operating period of processing unit first information memory storage can read/write for processing unit visit.In example embodiment, processing unit is the only element that can carry out the read/write visit to first information memory storage in the operating period of handling.
In example embodiment, processing unit is visited information among the first information memory storage 106a during operation to calculate at least one result based on this information.
Therefore, can be passed to processing unit in first operating period, for example be passed to the internal register of processing unit 104 from least a portion of the information of first information memory storage 106a.
As preceding text are summarized, the result of the order that for example will carry out by processing unit as the indication of being transmitted or the operational code of subroutine, the operation types of processing unit can be selected by first module.Operational code can be stored in the op-code storage device.Treatment facility can be from op-code storage device read opcode, and decoding is the analysis operation sign indicating number also, and based on this operational code operation is provided.Yet, the op-code storage device about operational code can be write protection optionally, promptly one or more particular opcode can be allowed to when all the other are by locking (block), be written into.Instance at process flow diagram shown in Fig. 3 300.
Process flow diagram 300 starts from the first information is sent to first information memory storage from first module 302.304, first module is written to operational code in the op-code storage device.The op-code storage device for example can comprise commands buffer or command register.First information memory storage and op-code storage device can all be the part of the interface that between processing unit and first module, provides in an example embodiment.
306, it is write protection that the op-code storage device is configured to respect to first module then.Be activated through writing in an embodiment with respect to the setting of the write protection of first module by 304 operational codes that provide.Write protection can be optionally write protection, makes when the op-code storage device is not write protection for an operational code at least, not go into protection for operation code character enable write.In addition, 306, first information memory storage is configured to write/fetch protection with respect to first module.The writing of the write protection of op-code storage device and first information memory storage/fetch protection can activate based on operational code being written in the op-code storage device and through operational code is written in the op-code storage device.308, processing unit can be carried out data processing operation (subroutine of for example being asked or the execution of order) based on the operational code that is passed to the op-code storage device from first module then.310, the information in the first information memory storage is eliminated and the output of data processing result or other output parameters of institute's requested operation (for example for) is write first information memory storage by data processing unit.Then, 312, the output of data processing is read by first module.
In example embodiment, first information memory storage can automatically be locked in order to avoid the read/write visit of first module based on the operational code in the op-code storage device.
In some example embodiment, data processing unit can be about the new state notice first module of the operation that is done.
When through the hang up sign indicating number being written to when coming hang up in the op-code storage device, at least a portion of the information in the first information memory storage can not be visited, and promptly after ending, for first module, can not read in operation.For this reason, when the operational code that is provided for ending, can delete information.In certain embodiments, all information of first information memory storage possibly can not be visited for first module after ending, for example through all information in the deletion first information memory storage.
In addition, when complete operation under the situation of not ending, first module possibly be able to read the only part of information, the for example expection of subroutine or order output result.(for example as the inside or the intermediate result value) that by this way, can prevent to write during operation and possibly be that the information of safety-critical is outputed to first module allowing to obtain the message context relevant with operation, the functional structure of processing unit by processing unit.For this reason, according to an instance, when operation was done or ends, the output result of operation was written into first information memory storage, and at least a portion of the information except the output result is eliminated or removes.Only after the deletion of information, just give read/write visit to first information memory storage to first module.
In other words; First information memory storage prevents that the first of the information in the first information memory storage after operation is done or ends from outwards exporting, but allows the second portion of the information in the first information memory storage after operation is done to be outputed to first module.
In one embodiment, the restriction control circuit can be implemented so that the access control to first information memory storage to be provided.The restriction control circuit can limit the visit to first information memory storage in the following manner.When the subroutine that will be carried out by processing unit when the first module request or the execution of order, the information that is used to carry out subroutine or order is provided to first information memory storage from first module.After information is provided to first information memory storage, for first module and other the possible unit except processing unit provide the restrict access of restriction to the visit of first information memory storage.
In addition, as preceding text have been summarized, can also restrict access be provided for second information-storing device (for instance, for example op-code storage device).
Fig. 4 A to 4D illustrates the sequential chart that uses according to the example of above-mentioned first information memory storage and op-code storage device now.
Fig. 4 A illustrate three operations wherein in Fig. 4 A, being called OP1, OP2 and OP3 as the part of data processing by the sequential chart of the instance of sequentially carrying out.Operational example is as comprising the execution according to the operational code of three command words.Before beginning to operate OP1, first information memory storage and op-code storage device are that WE enables (read/write enables) with reading.The operational code of operation OP1 is passed to the op-code storage device from first module then, and operates 1 input parameter and be passed to first information memory storage from first module.After the operational code and input parameter of storage operation OP1, it is the read/write protection that the protected mode of first information memory storage enables to be changed from read/write with respect to first module and every other external unit then.With respect to the processing unit of executable operations OP1, first information memory storage be still can read/write visit.In the op-code storage device, the visit protection enables to be changed for writing locking from read/write.In the instance shown in Fig. 4 A, writing the locking pattern is selectivity locking pattern, the writing of all operations sign indicating number of its locking except predetermined opcode (operational code that for example is used for hang up).The memory storage (storage) that provides at least one input parameter and at least one output parameter can dynamically be arranged such that in an embodiment; For each operation, memory storage can depend on performed operation and be assigned with to the input and output parameter.In certain embodiments, the memory storage that is used for the input and output parameter can be overlapping, makes the memory storage that is used for input parameter be used to store output parameter at least in part.
The operation OP1 the term of execution, first information memory storage and op-code storage device remain in the above-mentioned pattern.After accomplishing execution, first information memory storage is set to read/write once more and enables.Data processing unit then can be about the new state notice first module of the operation that is done, and first module is written to the output parameter in the first information memory storage by processing unit can read out in the term of execution.In addition, after accomplishing the first operation OP1, the op-code storage device is set to once more can read/write.The new input parameter of the new operational code of operation OP2 and operation OP2 is transmitted and is stored in op-code storage device and the first information memory storage respectively then, and operation OP2 and another are operated OP3 and be performed with above-mentioned mode.
Fig. 4 B illustrates the instance of Fig. 4 A when during operation OP2, occurring ending.As visible in Fig. 4 B, be passed to the op-code storage device from first module at the term of execution hang up sign indicating number of operation OP2.Although operational code is set to selectivity and writes locking,, therefore allow the hang up sign indicating number to be written in the op-code storage device because the hang up sign indicating number is one of particular opcode.
After the hang up sign indicating number was written in the op-code storage device, operation was eliminated by the information of ending and be stored in the first information memory storage.As preceding text were summarized, all information that are stored in the first information memory storage can be deleted, and perhaps the selectively removing of information can be performed.After the information from first information memory storage was eliminated, first information memory storage turned back to the read/write enable mode, and it further allows information is write wherein.And the op-code storage device turns back to the pattern that read/write is enabled.
Fig. 4 C illustrates the instance that the operation output of intermediate result afterwards that wherein is utilized in each completion comes executable operations sequence OP1a, OP1b, OP1c.This sequence of operation for example is the sequence of subroutine or order in one embodiment.At first, first information memory storage and op-code storage device are that read/write enables, and input parameter is written into first information memory storage.The operational code OP1a that is used for executable operations OP1a is written to the op-code storage device.Then, in operation after OP1a is done, the first information be set to be read enable but be not WE.This allows to read from the first information memory storage intermediate result of each operation.Only after accomplishing whole sequence, first information memory storage and op-code storage device just are set to can read/write for all unit.After complete operation 1a and 1b, it is that the corresponding subsequent operation sign indicating number with in the permission sequence that can write is written in the op-code storage device that the op-code storage device is set to once more for first module.Operational code write the switching that automatically is activated to following pattern then; In this pattern, for first module locking reading about first information memory storage with write-access and about the write-access of op-code storage device (except the selectivity operational code).
For each operation of the subroutine or the sequence of operation, can before the corresponding operation of beginning, new input parameter be write first information memory storage.This possibly depend on the last operation that is provided with the visit protection of first information memory storage.Therefore, in certain embodiments, which visit protection the last operation of in the sequence of operation, carrying out confirms between two continued operations, to use.Replacement switches between continued operation as " reading and enable/write locking " in the protected mode shown in Fig. 4 C for first information memory storage; First information memory storage can switch to pattern " read/write enables " after complete operation, it also allows intermediate result one or more new input parameters are written in the first information memory storage except allowing to read.Therefore visit protection above two between the continued operation in the sequence of operation can all appear in the sequence of operation in certain embodiments; Make after an operational code; Do not import new input information; And therefore the protected mode pattern that is switched to " reads and enables/write locking ", and while protected mode for another operational code is switched to read/write and enables to allow to write new input parameter.
In addition, in certain embodiments, the visit protection between two operations of the sequence of operation can be different for the different piece or the parts (part) of first information memory storage.For example; The selected sub-memory storage of the specific part of first information memory storage or first information memory storage (for example register) can be set to " read and enable/write locking " after operation, and another part of first information memory storage or other selected sub-memory storages can be " read/write enables " after identical operations.This will allow when new input parameter will be written between two continued operations, and only confined area is allowed to by the first module visit, and other storage areas of first information memory storage or sub-memory storage are still protected.After carrying out, can the depending on performed operational code and be dynamically selected of first information memory storage as the selected portion of WE or sub-memory storage.
In certain embodiments, and compare, can utilize the storage space of first information memory storage for input parameter differently for output parameter.In addition, in certain embodiments, output parameter is allowed to rewrite input parameter, so that utilize storage space with mode the most efficiently.
Therefore Fig. 4 C illustrates, and in some instances, when for example between two continued operations during the processing unit undo, first information memory storage can optionally be visited at least.
Fig. 4 D illustrates the instance that is similar to Fig. 4 C but after the subroutine of each completion, does not read intermediate result.Here, from this sequence first the operation OP1a beginning till the completion of the last operation OP1c of this sequence, first information memory storage 106a is set to read/write locking (except processing unit).
Above-mentioned instance illustrates, and can utilize described protection mechanism to realize separately and protection flexibly.This protection for example can comprise the dissimilar protection for dissimilar operational codes.In addition, although not shown in Fig. 4 A-4D, only the part of first information memory storage 106a can have above-mentioned protection, and other parts of first information memory storage can operation the term of execution have other protections about reading and writing.In other words, this protection can comprise the difference protection type of the different piece that is assigned to first information memory storage or sub-memory storage.In addition, can depend on type in certain embodiments for the distribution of different piece or sub-memory storage like the operational code of preceding text general introduction.Except first information memory storage 106a, can to second or another information-storing device identical protection mechanism is provided, thereby allow during dissimilar protection about first, second and another information-storing device by the processing unit executable operations.And can having fixedly, other information-storing devices of protection scheme can be provided the for example only exclusive protection of reading and writing for processing unit of permission.
In the superincumbent description, embodiment is shown and described at this, thereby makes those skilled in the art carry out instruction disclosed herein with enough details.Other embodiment can be utilized and derived from it, feasible replacement and the change that can under the situation that does not depart from the scope of the present disclosure, make structure and logic.
Therefore this detailed description is not taken on the restrictive, sense to be understood, and the four corner of the equivalent that only is authorized to accompanying claims and such claim of the scope of various embodiment limits.
Such embodiment of theme of the present invention can be referred to by term " invention " at this individually and/or jointly, and this only is to plan for convenience and not of one's own accord the application's scope is restricted to any single invention or inventive concept (if in fact disclosing more than).Therefore, although, should be realized that the specific embodiment shown in any layout of planning in order to realize identical purpose can replace this illustrate and described specific embodiment.The disclosure plans to cover any He all adaptations or the change of various embodiment.To those skilled in the art, after the description on checked, the combination of the foregoing description and will not be conspicuous at these specifically described other embodiment.
It shall yet further be noted that particular term used in instructions and claims can explain on very wide in range meaning.For example, will not only comprise hardware but also comprise on the meaning of software, firmware or its any combination and explaining at this used term " circuit " or " Circuits System (circuitry) ".Term " data " can be interpreted as and comprise any type of expression, and for example simulating signal is represented, digital signal is represented, the modulation on the carrier signal or the like.Term " information " can also comprise other forms of expression information except any type of numerical information.Term " entity " or " unit " can comprise any unit circuit, hardware, software, firmware, chip or other semiconductors and logical block or subelement or physical implementation or the like in an embodiment.In addition, term " coupling " or " connection " can be explained on wide in range meaning, thereby not only cover direct but also the covering indirect coupling.
It shall yet further be noted that the one or more enforcements in the segmentation that can also be included in one or more fructifications or described entity the enforcement of the combination described embodiment of special entity in these entities.
Form its a part of accompanying drawing mode unrestricted the specific embodiment that wherein can carry out this theme is shown through explanation.
In foregoing detailed description, can see that from the purpose that present disclosure is simplified, various characteristics are collected at together in single embodiment.This open method should not be interpreted as and reflect following intention, i.e. the embodiment of requirement protection need be than the more characteristic of clearly putting down in writing in each claim.But as following claim reflected, subject matter was all characteristics characteristic still less than single disclosed embodiment.Therefore, following claim is incorporated in this detailed description thus, and wherein each claim can be independently as independent embodiment.Though each claim can be independently as independent embodiment; But it should be noted that; Although dependent claims can refer to the particular combination with one or more other claims in claims, other embodiment can also comprise the combination of the theme of dependent claims and each other dependent claims.Being combined in this and being suggested like this, only if explained particular combination be not plan.In addition, intention also is included in any other independent claims with the characteristic of a claim, is not subordinated to this independent claims even this claim directly makes.
Should also be noted that; Disclosed method can be implemented through equipment in instructions or in claims, said equipment have the corresponding steps that is used for carrying out these methods each device or be configured for the circuit of the corresponding steps of these methods of execution.
In addition, the disclosure that should also be understood that in instructions or claims disclosed a plurality of steps or function cannot be interpreted as in certain order.Therefore, the disclosure of a plurality of steps or function will not be restricted to certain order to these, only if such step or function are started from the former of technology thereby can not be exchanged.
In addition, in certain embodiments, single step can comprise a plurality of substeps or can be divided into a plurality of substeps.Such substep can be included in the part of disclosure of this single step, only if clearly get rid of.

Claims (31)

1. method comprises:
The first information is provided to the first information memory storage to be used to carry out first operation of processing unit from first module;
Wherein, in first operating period of processing unit, second information processing unit and at least between the first information memory storage by being transmitted,
Wherein, first information memory storage is included in the visit protection of first operating period of processing unit, and first information memory storage can not be visited for first module in said visit protection.
2. method according to claim 1, wherein, first information memory storage first operating period of processing unit only can read access for processing unit with can write-access.
3. method according to claim 1,
The first information is provided to processing unit from first information memory storage; And
Based on first information calculating at least one result in first operating period.
4. method according to claim 1; Wherein, Data processing type can be selected by first module through operational code is written to the op-code storage device in first operating period of processing unit, and wherein data processing type is confirmed the visit protection type in first operating period first operation.
5. method according to claim 1; Wherein, the visit protection provides the visit protection type that is different from for another part or another sub-memory storage of first information memory storage at least one part or at least one sub-memory storage of first information memory storage.
6. method according to claim 1, wherein, first module is programme controlled unit or peripherals.
7. method according to claim 1, wherein, first operation comprises execution or the execution of order or the execution of command sequence of execution or the subroutine sequence of subroutine, wherein the first information comprises at least one in following:
The input parameter of-subroutine or subroutine sequence or order or command sequence, and
The identifier of the type of-subroutine or order.
8. method according to claim 1; Wherein, First operation is at least one the execution in subroutine or order or subroutine sequence or the command sequence, wherein when the execution of operation begins first information memory storage by locking automatically in order to avoid the read/write visit.
9. method according to claim 1; Wherein, First operation is the execution of the sequence of operation; Wherein between two continued operations of the sequence of operation, depend on the last operation of carrying out in two continued operations, first module is selected to the visit of first information memory storage and is in one of following access module:
-WE with read locking,
-WE enables with reading,
-write locking and read locking,
-write locking and read and enable.
10. method according to claim 1; Wherein, First module is written to first operation of op-code storage device to be used to initiate undertaken by processing unit with operational code from first module, wherein comes to activate first information memory storage to the visit protection through operational code being written to the op-code storage device.
11. method according to claim 1, wherein, first module is written to first operation of op-code storage device to be used to initiate undertaken by processing unit with operational code from first module; And
Wherein the op-code storage device is protected in order to avoid at first operating period write operation sign indicating number.
12. method according to claim 11; Wherein, The op-code storage device is optionally protected in order to avoid at first operating period write operation sign indicating number; Make that the op-code storage device is write protection with respect to first set of operational code, and the op-code storage device is a WE for the writing of at least one other operational code.
13. method according to claim 1, wherein, after carrying out, first information memory storage be caught for first module be can visit to be used for reading following at least one:
The output parameter of-the first operation;
The state of-the first operation; And
-indication is in the information of the mistake of first operating period appearance.
14. method according to claim 1, wherein, after ending first operation, at least a portion that has been stored in the information in the first information memory storage in first operating period can not be visited for first module.
15. method according to claim 1 also comprises:
The result of first operation is stored in the first information memory storage;
After operation was done or ends, deletion was stored at least a portion of the information in the first information memory storage; And
After deletion was done, the visit that first module is provided was to read the result of first operation.
16. method according to claim 1 wherein, after operation is done or ends, prevents that the first of the information in the first information memory storage that is stored in first operating period from being exported, and
Wherein, after first operation was done, the second portion of the information in first information memory storage was outputed to first module.
17. method according to claim 1; Wherein, Processing unit is confirmed the configuration of first information memory storage before first operation, wherein this configuration comprise first information memory storage size, be included in subelement memory storage in the first information memory storage, first operating period in the protection of first information memory storage at least one.
18. a restriction is to the method for the visit of information-storing device, this method comprises:
Request is to the execution of subroutine or order, and wherein this execution is asked by first module and this subroutine or order are carried out by processing unit;
Through first module the information that is used to carry out subroutine or order is offered first information memory storage; And
The restrict access of restriction first module to the visit of first information memory storage is provided.
19. an equipment comprises:
Processing unit, it carries out data processing operation;
First information memory storage, it can carry out read access and write-access by processing unit;
First module, it initiates the data processing operation from processing unit;
Access control; It is configured to maybe can be configured to switch to second pattern from first access module; First information memory storage can be conducted interviews by first module in first access module, and first information memory storage can not be visited for first module during data processing operation in second pattern.
20. equipment according to claim 19,
Wherein, this access control is configured to maybe can be configured to come automatically to switch to second pattern based on being written to the op-code storage device to the operational code of carrying out data processing operation by first module.
21. equipment according to claim 20 also is configured to maybe can be configured to handle the state of operating to the first module designation data.
22. equipment according to claim 21; Wherein, Processing unit is configured to maybe can be configured to be chosen in the configuration of first information memory storage before first operation, wherein this configuration comprise first information memory storage size, be included in subelement memory storage in the first information memory storage, first operating period in the protection of first information memory storage at least one.
23. equipment according to claim 22 wherein, can dispose the request of interrupting after the completion of operation or after the termination of operation.
24. an equipment comprises:
The op-code storage device;
Data storage device is used to be stored in the data of transmitting between first module and the data processing unit;
Wherein data processing unit is configured to carry out data processing operation based on the operational code that in the op-code storage device, is write by first module; And
Controller, the protected data memory storage avoided the visit of first module when it carried out data processing operation at data processing unit, and when data processing operation is done, enabled the visit of first module at least.
25. equipment according to claim 24, wherein, controller is configured to based on operational code being written to the protection that activates in the op-code storage device the data memory storage in order to avoid the visit of first module.
26. equipment according to claim 25, wherein, the data that are stored in the data storage device comprise at least one input parameter of data processing or at least one output parameter of data processing.
27. equipment according to claim 24, wherein, data storage device only can be read and write during data processing operation by processing unit.
28. equipment according to claim 26; Wherein, The visit of first module is at least one in the read access of write-access or first module of first module; And wherein depending on data processing operation, the data storage device that provides at least one input parameter and at least one output parameter can dynamically dispose.
29. an information storing device comprises:
The op-code storage device;
Data storage device, wherein this data storage device comprises a plurality of subelement memory storages;
Controller, its be stored in the op-code storage device in the data processing operation that is associated of operational code before, in a plurality of subelement memory storages each be configured in operational code the term of execution the read/write protection.
30. information storing device according to claim 29, wherein, controller also is configured to maybe can be configured to protect the write-access that during the opcode information memory storage, avoids first module.
31. information storing device according to claim 29; Wherein, Controller is provided optionally to protect the opcode information memory storage to avoid the information stores write-access of first module; Make that the operational code information-storing device is write protection under the situation in operational code is in first set of operational code, and make the opcode information memory storage be enabled to be used to write at least one other operational code.
CN201210027144.7A 2011-02-08 2012-02-08 There is the equipment of processing unit and information-storing device Active CN102637152B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US13/022835 2011-02-08
US13/022,835 US8924672B2 (en) 2011-02-08 2011-02-08 Device with processing unit and information storage

Publications (2)

Publication Number Publication Date
CN102637152A true CN102637152A (en) 2012-08-15
CN102637152B CN102637152B (en) 2015-09-30

Family

ID=46547143

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210027144.7A Active CN102637152B (en) 2011-02-08 2012-02-08 There is the equipment of processing unit and information-storing device

Country Status (3)

Country Link
US (2) US8924672B2 (en)
CN (1) CN102637152B (en)
DE (1) DE102012001756A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107045479A (en) * 2012-10-22 2017-08-15 英特尔公司 High-performance Interconnections physical layer

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040133794A1 (en) * 2001-03-28 2004-07-08 Kocher Paul C. Self-protecting digital content
US20060285398A1 (en) * 2005-06-20 2006-12-21 Renesas Technology Corp. Semiconductor device
CN101393587A (en) * 2007-09-21 2009-03-25 鸿富锦精密工业(深圳)有限公司 Mobile equipment with security protection function and security protection method thereof
CN101788958A (en) * 2010-02-04 2010-07-28 杭州晟元芯片技术有限公司 Method for protecting data of memorizer
US20100306848A1 (en) * 2007-05-09 2010-12-02 International Business Machines Corporation Method and Data Processing System to Prevent Manipulation of Computer Systems

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101604313B (en) * 2003-02-20 2012-07-04 松下电器产业株式会社 Information recording medium and region management method thereof
WO2008035616A1 (en) * 2006-09-20 2008-03-27 Panasonic Corporation Data transfer device and mobile telephone
US7512743B2 (en) 2006-11-07 2009-03-31 Spansion Llc Using shared memory with an execute-in-place processor and a co-processor
US8781127B2 (en) 2008-09-05 2014-07-15 Vixs Systems, Inc. Device with privileged memory and applications thereof
US8327249B2 (en) * 2009-08-20 2012-12-04 Broadcom Corporation Soft error rate protection for memories

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040133794A1 (en) * 2001-03-28 2004-07-08 Kocher Paul C. Self-protecting digital content
US20060285398A1 (en) * 2005-06-20 2006-12-21 Renesas Technology Corp. Semiconductor device
US20100306848A1 (en) * 2007-05-09 2010-12-02 International Business Machines Corporation Method and Data Processing System to Prevent Manipulation of Computer Systems
CN101393587A (en) * 2007-09-21 2009-03-25 鸿富锦精密工业(深圳)有限公司 Mobile equipment with security protection function and security protection method thereof
CN101788958A (en) * 2010-02-04 2010-07-28 杭州晟元芯片技术有限公司 Method for protecting data of memorizer

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107045479A (en) * 2012-10-22 2017-08-15 英特尔公司 High-performance Interconnections physical layer
CN107045479B (en) * 2012-10-22 2020-09-01 英特尔公司 High performance interconnect physical layer

Also Published As

Publication number Publication date
CN102637152B (en) 2015-09-30
US20120203989A1 (en) 2012-08-09
US20150154123A1 (en) 2015-06-04
US8924672B2 (en) 2014-12-30
DE102012001756A1 (en) 2012-08-09

Similar Documents

Publication Publication Date Title
CN101281506B (en) Memory domain based security control within data processing system
CN100371906C (en) Method and apparatus for determining access permission
US7168065B1 (en) Method for monitoring program flow to verify execution of proper instructions by a processor
JP5114617B2 (en) Secure terminal, program, and method for protecting private key
US8867746B2 (en) Method for protecting a control device against manipulation
CN101162492B (en) Protecting system control registers in a data processing apparatus
CN114450918B (en) Memory device having regions with individually programmable security access features
CN101788958A (en) Method for protecting data of memorizer
CN107003936B (en) Memory protection with non-readable pages
US9715601B2 (en) Secure access in a microcontroller system
US20070237325A1 (en) Method and apparatus to improve security of cryptographic systems
CN106599629B (en) Android application program reinforcing method and device
KR20060135467A (en) System and method of using a protected non-volatile memory
CN101004719A (en) Embedded system and method for increasing embedded system security
JP2001356963A (en) Semiconductor device and its control device
JP4591163B2 (en) Bus access control device
CN110968254A (en) Partition protection method and device for nonvolatile memory
CN109977702B (en) FPGA equipment encryption authentication system based on DS2432 chip
KR20190085387A (en) Semiconductor device and method for operating semiconductor device
US9779242B2 (en) Programmable secure bios mechanism in a trusted computing system
KR20170102285A (en) Security Elements
US7054121B2 (en) Protection circuit for preventing unauthorized access to the memory device of a processor
US20170046516A1 (en) Fuse-enabled secure bios mechanism in a trusted computing system
CN102637152B (en) There is the equipment of processing unit and information-storing device
CN111026683A (en) Method for accessing memory

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant